Password manager LastPass has reported a cybersecurity incident after its systems were compromised for the second time this year. The details of the breach were shared by CEO Karun Toubba, who said the company is investigating the latest breach of the password manager.
Toubba said in a blog post that the company was alerted to some unusual activity in its third-party cloud storage service. He said that an “unauthorized party” recently gained access to some customers’ information stored in a third-party cloud service shared by LastPass and its parent company, GoTo. Toubba said the unauthorized party used information stolen from LastPass’ systems in August, which the company disclosed at the time.
In August, LastPass confirmed the first breach, which enabled hackers to steal sensitive data and the company’s source code. Toubba mentioned that it is possible that the hackers might have used the information they got from the previous hack to gain access and steal information from its customers. He did not say what specific customer information was taken, but said it was working to “understand the scope of the incident and identify what specific information has been accessed.”
However, he has assured customers that none of the passwords have been exposed in this breach, claiming that LastPass’s zero knowledge tech keeps them secure behind strong encryption.
LastPass, which has more than 25 million users, works by aggregating the hundreds of passwords consumers and corporate users need to log into their social media accounts, business networks, online retailers and more.
- WhatsApp is Working on ‘View Once’ Text Feature - December 12, 2022
- Password Manager LastPass Confirms Second Data Breach in 2022 - December 1, 2022
- Amazon Closing Wholesale Distribution Unit in India, Its Third Business Exit in the Country - November 29, 2022